Tag: microsoft
-
StilachiRAT Exploits Chrome for Crypto Wallets and Credentials
by
in SecurityNewsStilachiRAT: Sophisticated malware targets crypto wallets credentials. Undetected, it maps systems steals data. Microsoft advises strong security measures. First seen on hackread.com Jump to article: hackread.com/stilachirat-exploits-chrome-crypto-wallets-credentials/
-
New RAT malware used for crypto theft, reconnaissance
Microsoft has discovered a new remote access trojan (RAT) that employs “sophisticated techniques” to avoid detection, ensure persistence, and extract sensitive information data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-new-rat-malware-used-for-crypto-theft-reconnaissance/
-
WDAC und Driver Blocklist scheitern; MS will Video von Will Dormann
by
in SecurityNewsBrass zwischen Sicherheitsforscher Will Dormann und Microsoft? Dormann hatte die Tage einen Post auf Mastodon veröffentlicht, dass die Microsoft Vulnerable Driver Blocklist und WDAC auf drei unterschiedliche Arten scheitern, Windows zu schützen. Und als er ein Problem an Microsoft melden … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/17/windows-wdac-und-driver-blocklist-scheitern-ms-will-video-von-will-dormann/
-
March Windows updates mistakenly uninstall Copilot
by
in SecurityNewsMicrosoft says the March 2025 Windows cumulative updates automatically and mistakenly remove the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-march-windows-updates-mistakenly-uninstall-copilot/
-
Microsoft 365 Targeted in New Phishing, Account Takeover Attacks
by
in SecurityNewsThreat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation campaigns. The post Microsoft 365 Targeted in New Phishing, Account Takeover Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-365-targeted-in-new-phishing-account-takeover-attacks/
-
FCC creates national security council to counter cyber threats from China
by
in SecurityNews
Tags: 5G, access, ai, attack, breach, china, communications, computing, cyber, cyberattack, cybersecurity, data, espionage, government, group, hacking, incident, infrastructure, Internet, microsoft, office, strategy, supply-chain, technology, threat, vulnerabilityThree-pronged strategy: The council will pursue a tripartite strategy focusing on reducing dependency, mitigating vulnerabilities, and ensuring American technological leadership.First, it aims to reduce American technology and telecommunications sectors’ trade and supply chain dependencies on foreign adversaries. This goal aligns with broader government efforts to “friend-shore” critical technology supply chains and decrease reliance on potentially…
-
Microsoft wouldn’t look at a bug report without a video. Researcher maliciously complied
by
in SecurityNews
Tags: microsoftMaddening techno loop, Zoolander reference, and 14 minutes of time wasted First seen on theregister.com Jump to article: www.theregister.com/2025/03/17/microsoft_bug_report_troll/
-
Windows 10 und 11: Microsoft löscht versehentlich Copilot-App per Update
by
in SecurityNewsEinige werden sie vermissen, anderen wird sie kaum fehlen: Die Copilot-App ist auf manchen Windows-Systemen verschwunden. Schuld sind die März-Updates. First seen on golem.de Jump to article: www.golem.de/news/windows-10-und-11-microsoft-loescht-versehentlich-copilot-app-per-update-2503-194356.html
-
Motherboard Mishaps Undermine Trust, Security
by
in SecurityNewsMSI and Microsoft warn about new Windows Preview blue screens on some motherboards, the latest mishap to raise questions over the reliability of hardware and firmware. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/motherboard-mishaps-undermine-trust-security
-
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks
by
in SecurityNewsMicrosoft is aware of the issue, but so far its attempts to address it don’t appear to have worked, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/powershell-gallery-prone-to-typosquatting-other-supply-chain-attacks
-
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
by
in SecurityNewsCybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37
by
in SecurityNewsSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool Ragnar Loader Desert Dexter. Attacks on Middle Eastern countries Ballista New IoT Botnet Targeting Thousands of TP-Link Archer Routers Microsoft patches […]…
-
Exchange Online- und MS365-Probleme durch Schwachstelle? (März 2025)
by
in SecurityNewsMicrosoft kämpft seit Februar 2025 mit Störungen seiner Microsoft 365-Dienste und Exchange Online, hält sich aber bezüglich der Ursache bedeckt. Mir liegen Informationen vor, dass ein Bug bzw. eine Schwachstelle in Microsoft Exchange Online dazu führte, dass ein Eingriff eines … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/15/exchange-online-und-ms365-probleme-durch-schwachstelle-maerz-2025/
-
Microsoft Update Catalog: Sicherheitsrisiko durch Rechteerweiterungen (CVE-2024-49147)
by
in SecurityNewsIch stelle noch eine Sicherheitsmeldung hier im Blog ein, die mir bereits seit Mitte Dezember 2024 vorliegt, aber “hängen geblieben ist”. Im Microsoft Update-Katalog gab es eine kritische Schwachstelle CVE-2024-49147, die im Microsoft Update Catalog Rechteerweiterungen ermöglichte. Diese Schwachstelle wurde … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/15/microsoft-update-catalog-sicherheitsrisiko-durch-rechteerweiterungen-cve-2024-49147/
-
Exchange Online- und MS365-Probleme durch Schwachstelle? (März 2025
by
in SecurityNewsMicrosoft kämpft seit Februar 2025 mit Störungen seiner Microsoft 365-Dienste und Exchange Online, hält sich aber bezüglich der Ursache bedeckt. Mir liegen Informationen vor, dass ein Bug bzw. eine Schwachstelle in Microsoft Exchange Online dazu führte, dass ein Eingriff eines … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/15/exchange-online-und-ms365-probleme-durch-schwachstelle-maerz-2025/
-
Microsoft restores VS Code theme flagged as malicious: We messed up
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/microsoft-restores-vs-code-theme-flagged-as-malicious-we-messed-up
-
Week-long Exchange Online outage causes email failures, delays
by
in SecurityNewsMicrosoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/week-long-exchange-online-outage-causes-email-failures-delays/
-
Tech giants seek data standards amid AI push
Microsoft, IBM and Cisco are among the vendors backing the OASIS Data Provenance Standards Technical Committee announced last week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-data-quality-ibm-microsoft-red-hat-cisco/742581/
-
Tech industry alliance rallies around data quality
by
in SecurityNewsMicrosoft, IBM and Cisco are among the vendors backing the OASIS Data Provenance Standards Technical Committee announced last week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-data-quality-ibm-microsoft-red-hat-cisco/742581/
-
Microsoft Windows: Kritische Sicherheitslücke entdeckt
by
in SecurityNewsFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/microsoft-windows-kritische-sicherheitsluecke-2025
-
New Microsoft 365 Phishing Scam Tricks Users Into Calling Fake Support
by
in SecurityNewsNew Microsoft 365 phishing scam exploits fake support numbers to steal credentials. Learn how attackers bypass security and how to stay protected. First seen on hackread.com Jump to article: hackread.com/new-microsoft-365-phishing-scam-calling-fake-support/
-
New Context Compliance Exploit Jailbreaks Major AI Models
by
in SecurityNewsMicrosoft researchers have uncovered a surprisingly straightforward method that can bypass safety guardrails in most leading AI systems. In a technical blog post published on March 13, 2025, Microsoft’s Mark Russinovich detailed the >>Context Compliance Attack
-
New CCA Jailbreak Method Works Against Most AI Models
by
in SecurityNewsTwo Microsoft researchers have devised a new jailbreak method that bypasses the safety mechanisms of most AI systems. The post New CCA Jailbreak Method Works Against Most AI Models appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-cca-jailbreak-method-works-against-most-ai-models/
-
Fast 1 Million Geschäfts- und Privat-PCs kompromittiert
by
in SecurityNews
Tags: ciso, control, cyersecurity, github, mail, malware, microsoft, powershell, ransomware, softwareEin Bericht von Microsoft zeigt, wie wichtig es für CISOs ist, das Sicherheitsbewusstsein ihrer Mitarbeiter zu schulen.Malware ist und bleibt ein massives Problem, welches CISOs zunehmend Kopfzerbrechen bereitet. Insbesondere wenn Mitarbeitende durch unvorsichtiges Online-Surfen ihre Geräte und ganze IT-Netzwerke mit Schadsoftware infizieren. Sind Systeme kompromittiert, kann das schwerwiegende Konsequenzen wie Ransomware-Attacken nach sich ziehen. Zu…
-
The most notorious and damaging ransomware of all time
by
in SecurityNews
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windowsConti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception.How it works: Conti uses the…
-
New Microsoft 365 Attack Leverages OAuth Redirection for Credential Theft
by
in SecurityNewsThreat researchers at Proofpoint are currently tracking two sophisticated and highly targeted cyber-attack campaigns that are utilizing OAuth redirection mechanisms to compromise user credentials. These attacks combine advanced brand impersonation techniques with malware proliferation, focusing on Microsoft 365-themed credential phishing designed to facilitate account takeovers (ATOs), as per a report shared in the platform, X.…
-
Silk Typhoon Targeting IT Supply Chains and Network Devices, Microsoft Reports
by
in SecurityNews
Tags: china, espionage, exploit, group, intelligence, microsoft, network, supply-chain, tactics, threatMicrosoft Threat Intelligence has issued new reporting about tactics being used by Silk Typhoon (also called APT27 or HAFNIUM by some researchers). Silk Typhoon is a Chinese espionage group, observed targeting Microsoft Exchange Servers in 2021, now reported to be targeting common IT solutions for initial access. Microsoft reports that Silk Typhoon exploits unpatched applications,……
-
Microsoft apologizes for removing VSCode extensions used by millions
by
in SecurityNewsMicrosoft has reinstated the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn’t actually malicious. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-apologizes-for-removing-vscode-extensions-used-by-millions/